CVE-2024-37371

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.
Configurations

Configuration 1 (hide)

cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*

History

18 Sep 2024, 12:39

Type Values Removed Values Added
CPE cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
First Time Debian debian Linux
Debian

27 Aug 2024, 17:47

Type Values Removed Values Added
First Time Mit
Mit kerberos 5
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.1
CPE cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*
References () https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef - () https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef - Patch
References () https://web.mit.edu/kerberos/www/advisories/ - () https://web.mit.edu/kerberos/www/advisories/ - Vendor Advisory
CWE NVD-CWE-Other

01 Jul 2024, 12:37

Type Values Removed Values Added
Summary
  • (es) En MIT Kerberos 5 (también conocido como krb5) anterior a 1.21.3, un atacante puede provocar lecturas de memoria no válidas durante el manejo de tokens de mensajes GSS al enviar tokens de mensajes con campos de longitud no válidos.

28 Jun 2024, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-28 23:15

Updated : 2024-09-18 12:39


NVD link : CVE-2024-37371

Mitre link : CVE-2024-37371

CVE.ORG link : CVE-2024-37371


JSON object : View

Products Affected

mit

  • kerberos_5

debian

  • debian_linux